From: Andy Adamson <andros@xxxxxxxxxx>
Signed-off-by: Andy Adamson <andros@xxxxxxxxxx>
---
utils/gssd/gssd_proc.c | 107 +++++++++++++++++++++++++-----------------------
1 files changed, 56 insertions(+), 51 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index d01ba2f..97e8f99 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -996,58 +996,63 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
break;
}
}
- if (create_resp != 0) {
- if (uid == 0 && (root_uses_machine_creds == 1 ||
- service != NULL)) {
- int nocache = 0;
- int success = 0;
- do {
- gssd_refresh_krb5_machine_credential(clp->servername,
- NULL, service,
- tgtname);
- /*
- * Get a list of credential cache names and try each
- * of them until one works or we've tried them all
- */
- if (gssd_get_krb5_machine_cred_list(&credlist)) {
- printerr(0, "ERROR: No credentials found "
- "for connection to server %s\n",
- clp->servername);
- goto out_return_error;
- }
- for (ccname = credlist; ccname && *ccname; ccname++) {
- gssd_setup_krb5_machine_gss_ccache(*ccname);
- if ((create_auth_rpc_client(clp, &rpc_clnt,
- &auth, uid,
- AUTHTYPE_KRB5)) == 0) {
- /* Success! */
- success++;
- break;
- }
- printerr(2, "WARNING: Failed to create machine krb5 context "
- "with credentials cache %s for server %s\n",
- *ccname, clp->servername);
- }
- gssd_free_krb5_machine_cred_list(credlist);
- if (!success) {
- if(nocache == 0) {
- nocache++;
- printerr(2, "WARNING: Machine cache is prematurely expired or corrupted "
- "trying to recreate cache for server %s\n", clp->servername);
- } else {
- printerr(1, "WARNING: Failed to create machine krb5 context "
- "with any credentials cache for server %s\n",
- clp->servername);
- goto out_return_error;
- }
+ if (create_resp == 0)
+ goto resp_found;
+ if (uid == 0 && (root_uses_machine_creds == 1 || service != NULL)) {
+ int nocache = 0;
+ int success = 0;
+ do {
+ gssd_refresh_krb5_machine_credential(clp->servername,
+ NULL, service,
+ tgtname);
+ /*
+ * Get a list of credential cache names and try each
+ * of them until one works or we've tried them all
+ */
+ if (gssd_get_krb5_machine_cred_list(&credlist)) {
+ printerr(0, "ERROR: No credentials found "
+ "for connection to server %s\n",
+ clp->servername);
+ goto out_return_error;
+ }
+ for (ccname = credlist; ccname && *ccname; ccname++) {
+ gssd_setup_krb5_machine_gss_ccache(*ccname);
+ if ((create_auth_rpc_client(clp, &rpc_clnt,
+ &auth, uid,
+ AUTHTYPE_KRB5)) == 0) {
+ /* Success! */
+ success++;
+ break;
+ }
+ printerr(2, "WARNING: Failed to create machine "
+ "krb5 context with credentials cache "
+ "%s for server %s\n",
+ *ccname, clp->servername);
+ }
+ gssd_free_krb5_machine_cred_list(credlist);
+ if (!success) {
+ if(nocache == 0) {
+ nocache++;
+ printerr(2, "WARNING: Machine cache is "
+ "prematurely expired or "
+ "corrupted trying to recreate "
+ "cache for server %s\n",
+ clp->servername);
+ } else {
+ printerr(1, "WARNING: Failed to create "
+ "machine krb5 context "
+ "with any credentials cache "
+ "for server %s\n",
+ clp->servername);
+ goto out_return_error;
}
- } while(!success);
- } else {
- printerr(1, "WARNING: Failed to create krb5 context "
- "for user with uid %d for server %s\n",
- uid, clp->servername);
- goto out_return_error;
- }
+ }
+ } while(!success);
+ } else {
+ printerr(1, "WARNING: Failed to create krb5 context "
+ "for user with uid %d for server %s\n",
+ uid, clp->servername);
+ goto out_return_error;
}
if (!authgss_get_private_data(auth, &pd)) {
--
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
